Hi, I'm familiar with Brendan Gregg, although I haven't been following him closely. I have admired his work and sometimes I regret not buying his books yet.
If you have the impression that my concern is with some load issue, let me clarify. I have not been using pnscan for any purpose. I just saw that it was described as a multi-threaded port scanner, and thought it might be useful in my work someday. I encountered the clamscan flag of pnscan when I was investigating why memory and swap usage were becoming unusually high on one of my systems. I don't see any reason to have certainty that pnscan has anything to do with that problem. I didn't see it in the process table, anyway. But I was uneasy when I saw this result. And more uneasy when clamscan had the same complaint with a fresh install of pnscan from the repository. One thing I didn't mention in the original submission is that when I researched the clamscan complaint while pnscan was still installed (by looking for "Unix.Tool.Pnscan-8031486-0"), a weird graphic appeared on the screen of a frog (I think it was a frog) with big smile, holding a fishing pole with a line in a hole (ice hole?). That was freaky and unnerving. When I repeated this search (several times) after pnscan was purged, I no longer saw this graphic. Now, it's rational that some malware might incorporate code from pnscan for its own purposes, and maybe that's what clamscan wants to be looking for, but if clamscan doesn't incorporate any mechanism to distinguish between that malware and pnscan, then confusion results. If you haven't contacted the clamav folks on this point, I'll do that. On Tue, Apr 19, 2022 at 8:35 PM Seth Arnold <1968...@bugs.launchpad.net> wrote: > Hello, my guess is clamav is helpfully pointing out that the program > exists at all; I doubt it has any intelligence beyond looking for a few > markers for pnscan within files named pnscan. > > Diagnosing load issues takes a bit of work; I suggest starting with > https://www.brendangregg.com/blog/2015-12-03/linux-perf-60s-video.html > to get a feeling of useful steps to take. > > Thanks > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1968806 > > Title: > Clamscan reports Unix.Tool.Pnscan-8031486-0 in 1.12+git20180612-2 > pnscan version > > Status in pnscan package in Ubuntu: > Incomplete > > Bug description: > My system showed unusually high memory and swap usage for a few weeks, > also occasional lags in situations when it was always brisk before. I > naturally ran clamscan to check. Pnscan was flagged as containing the > malware. I removed and purged pnscan, and continued to scan for > anything else out of line. Saw nothing else, and rebooted. Memory > and swap usage was normal for several hours. Then I reinstalled > pnscan from the repository. Clamscan reported > Unix.Tool.Pnscan-8031486-0 in pnscan again. So I removed and purged > pnscan again. > > I recognize that clamscan could be misleading here, but I never saw > this report before, and it's clear that my memory and swap issues > haven't returned. > > I'm going to suggest this is a security vulnerability, even though the > clamscan result might be misleading. > > lsb_release -rd > Description: Ubuntu 20.04.4 LTS > Release: 20.04 > > uname -a > Linux ryzen7 5.4.0-107-lowlatency #121-Ubuntu SMP PREEMPT Thu Mar 24 > 16:45:08 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux > > pnscan 1.12+git20180612-2 > > ProblemType: Bug > DistroRelease: Ubuntu 20.04 > Package: pnscan 1.12+git20180612-2 > ProcVersionSignature: Ubuntu 5.4.0-107.121-lowlatency 5.4.174 > Uname: Linux 5.4.0-107-lowlatency x86_64 > ApportVersion: 2.20.11-0ubuntu27.23 > Architecture: amd64 > CasperMD5CheckResult: skip > CurrentDesktop: KDE > Date: Tue Apr 12 20:48:45 2022 > InstallationDate: Installed on 2012-12-03 (3417 days ago) > InstallationMedia: Kubuntu 12.10 "Quantal Quetzal" - Release amd64 > (20121017.1) > ProcEnviron: > PATH=(custom, no user) > XDG_RUNTIME_DIR=<set> > LANG=en_US.UTF-8 > SHELL=/bin/bash > SourcePackage: pnscan > UpgradeStatus: Upgraded to focal on 2020-04-29 (713 days ago) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/pnscan/+bug/1968806/+subscriptions > > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1968806 Title: Clamscan reports Unix.Tool.Pnscan-8031486-0 in 1.12+git20180612-2 pnscan version To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pnscan/+bug/1968806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
